commit-reach: avoid NULL dereference

The loop at the top of can_all_from_reach_with_flag() already accounts for `from->objects[i].item' being NULL, so it follows the cleanup loop should also account for a NULL `from_one'. I managed to segfault here on one of my giant, many-remote repos using `git fetch --negotiation-tip=... --negotiation-only' where the --negotiation-tip= argument was a glob which (inadvertently) captured more refs than I wanted. I have not reproduced this in a standalone test case. Signed-off-by: Eric Wong <e@80x24.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Eric Wong <e@80x24.org> 2023-02-11 11:15:26 +0000
committer: Junio C Hamano <gitster@pobox.com> 2023-02-11 11:36:24 -0800
commit: c5773dc078f05a98c9359938dbce3b3dc70aa3bd (patch)
tree: 6e016ecf74b3ef7bb22ce24fc08f20abecb42637 /commit-reach.c
parent: 4067a64672f9db8ca38d5a2682a7cdba7938c18b (diff)
download: git-c5773dc078f05a98c9359938dbce3b3dc70aa3bd.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/commit-reach.c b/commit-reach.c
index 5a845440a9..7e422b0cd3 100644
--- a/commit-reach.c
+++ b/commit-reach.c
@@ -628,8 +628,12 @@ cleanup:
 	}
 	free(list);
 
-	for (i = 0; i < from->nr; i++)
-		from->objects[i].item->flags &= ~assign_flag;
+	for (i = 0; i < from->nr; i++) {
+		struct object *from_one = from->objects[i].item;
+
+		if (from_one)
+			from_one->flags &= ~assign_flag;
+	}
 
 	return result;
 }
author	Eric Wong <e@80x24.org>	2023-02-11 11:15:26 +0000
committer	Junio C Hamano <gitster@pobox.com>	2023-02-11 11:36:24 -0800
commit	c5773dc078f05a98c9359938dbce3b3dc70aa3bd (patch)
tree	6e016ecf74b3ef7bb22ce24fc08f20abecb42637 /commit-reach.c
parent	4067a64672f9db8ca38d5a2682a7cdba7938c18b (diff)
download	git-c5773dc078f05a98c9359938dbce3b3dc70aa3bd.tar.gz